Privacy Policy

We take your privacy very seriously and we ask that you read this privacy policy carefully, as it contains important information on who we are and how and why we store, collect, use and share your personal information.

This policy also outlines your rights regarding your personal data, and what steps you can take if you have a complaint.

Who we are

Simpson Millar is a data controller bound by the requirements of the General Data Protection Regulations (GDPR) and the Data Protection Act 2018. Our registered office is 39 St Paul’s Street, Leeds West Yorkshire LS1 2JG.

Please address any questions, comments or requests regarding how we process your information to our Data Protection Officer (DPO) Paul Bradley, Direct Dial telephone number: 0113 306 2835 Email: paul.bradley@simpsonmillar.co.uk

 

What personal data will we collect?

 

      • Your name, address and telephone number
      • Information to enable us to check and verify your identity - eg: your date of birth or passport details
      • Electronic contact details - e.g: your email address and mobile phone number
      • Information relating to the matter in which you are seeking our advice or representation
      • Financial details relevant to your instructions, such as the source of your funds if you are instructing on a purchase transaction

We may also collect other personal information, depending on why you have instructed us, including:

        • Your National Insurance and tax details
        • Your bank and/or building society details
        • Details of your spouse/partner, marital status and dependants or other family members - e.g: if you instruct us on a family matter or a Will
        • Your employment status and details including salary and benefits - e.g: if you instruct us on matters related to your employment or in which your employment status or income is relevant
        • Your medical history or records - e.g: if we are acting for you in a personal injury claim
        • Details of disabilities you have if relevant to your case
        • Information to enable us to undertake a credit or other financial checks on you
        • Your nationality and immigration status and information from related documents, such as your passport or other identification, and immigration information
        • Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances (including relevant special category personal data) - e.g: if you instruct us on matters related to your employment or in which your employment records are relevant
        • Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs - e.g: if you instruct us on a discrimination claim
        • Your trade union membership - e.g: if you instruct us on a discrimination claim or your matter is funded by a trade union
        • Information on open social media accounts in the public domain only where relevant to your claim

 

How Your Personal Data Is Collected

We collect most of this information from you directly. However, we may also collect information in the following ways.

          • From publicly accessible sources - eg: Companies House or HM Land Registry
          • Directly from a third party - e.g: insurance providers, estate agents, trade unions or other introducers, credit reference agencies, client due diligence providers or other organisations who’ve obtained your permission to share information about you with us
          • From a third party with your consent - E.g: your bank or building society, another financial institution or advisor, insurance companies, consultants and other professionals we may engage in relation to your matter, your employer, professional body or pension administrators, your doctors, medical and occupational health professionals
          • From online review sites when you leave feedback about a service we’ve provided to you
          • Via our website - we use cookies on our website (see out Cookies Policy below for further details)

 

How We Use Your Personal Information

We’ll only use your personal data if we have a proper reason for doing so.

The information that you provide to Simpson Millar will be used to deal with your enquiry and provide services you request from us.  We also use this information to recommend other, relevant Simpson Millar services to you where you have given your consent, to improve the service we provide to you and future clients and to enhance the targeting of our marketing.

We will never share your information with third parties for them to sell their products or services to you unless you have provided consent.

We’ll therefore need to process that information either:

            • For the performance of our contract with you or to take steps at your request before entering into a contract
            • To comply with our legal and regulatory obligations
            • For our legitimate interests or those of a third party
            • Where you have given consent

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

If we need to process your sensitive information, such as your health records or trade union information to proceed with your case, we’ll do so on the basis that processing is necessary for the establishment, exercise or defence of your legal claim.

You acknowledge that we’re entitled to obtain, use, process and disclose your personal information to enable us to discharge the services which we have agreed to provide, and for other related purposes, including updating client records, analysis for management purposes, crime prevention and legal and regulatory compliance.

As stated above, we’ll need to process your personal data in order to conduct your claim or matter under our retainer. If you don’t provide us with this data, we won’t be in a position to assist you with your matter.

We may use your personal information to better understand your interests and preferences so that we can contact you with information about our products and services that we believe are relevant to you.  We may make use of additional information about you when it is available from external sources to help us do this effectively.  We have a legitimate interest to process your information in this way, however, you have the right to object to this processing at any time by emailing our Data Protection Officer at DataProtection@simpsonmillar.co.uk

We won’t use your personal data to carry out automated decisions about you - i.e. to use technology alone to make any processing decisions that carry legal effect.

 

Sharing your information

 Whilst acting for you, in order to assist with your case, we may share your personal information including your name, contact details, personal circumstances and relevant information about your case with selected third party suppliers

This will enable us to discharge the services which we have agreed to provide.

We routinely share personal data with:

              • Professional advisers who we instruct on your behalf or refer you to - e.g: barristers, medical professionals and agencies, accountants, tax advisors or other experts
              • Other third parties where necessary to carry out your instructions - e.g: your mortgage provider, estate agent, HM Land Registry and HMRC in the case of a property transaction, or Companies House, a court, tribunal, third party insurers or defendant solicitor on a litigated matter
              • The person or organisation that referred you to us, such as a trade union or claims management company
              • Any insurance company that is providing financial assistance for your claim, such as a provider of legal expenses insurance or other third party funders
              • Insurers and brokers
              • External auditors - e.g: Law Society to verify the quality of service provided by us under independent accreditations like Lexcel and the audit of our accounts
              • Our bank
              • External service suppliers, representatives and agents that we use to make our business more efficient - e.g: legal costs draftsman, typing services, PR/marketing agencies, document collation, couriers like Royal Mail and DHL or analysis suppliers including social media.
              • The Legal Aid Agency if you are publicly funded
              • With third party organisations like Trust Pilot and Survey Monkey to contact you in relation to customer surveys or market research.
              • Property search companies on conveyancing transactions
              • Online ID checking services in order to verify your identity under the Money Laundering Regulations or to meet other regulatory requirements
              • Our website uses a ‘Chat Bot’ hosted by e-bot7 to answer customer enquiries
              • Third party data services, for example Experian, who may help us to segment and understand our clients by providing additional information so that we can send the most relevant and targeted communications possible. We will also use this information to be able to improve our services and to make our marketing and advertising more effective in the future

We only allow our service providers to handle your personal data if we’re satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

It may sometimes be necessary to transfer personal information outside the UK. We will only transfer your personal information overseas to third party service providers where we are sure that your personal information is protected to the same standard as it would be protected in the UK.

Promotional Communications

 We may use your personal data to send you updates by email, text message, telephone or post about legal developments that might be of interest to you and/or information about our services, including exclusive offers, promotions or new services or products.

We have a legitimate interest in processing your personal data for promotional purposes. This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.

We’ll always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.

You have the right to opt out of receiving promotional communications at any time by:

Contacting us by calling 0345 357 9977

Using the ‘unsubscribe’ link in emails in any communication we may send you.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

 

How long will we hold your information?

Where we have acted for you or your information relates to a matter we’ve acted in, we’ll usually keep paper records for 7 years and electronic records for 15 years.

Exceptions to this include property transactions, commercial litigation, wills, clients who are minors or who may lack capacity.

Where we have not acted in a matter we will usually keep electronic and written records for 2 years.

If you have shared any information with us via social media, such as your name, address and details regarding a case, this will only be kept for 2 years.

 

Your Rights

You have the following rights, which you can exercise free of charge.

Access

The right to be provided with a copy of your personal data

Rectification

The right to require us to correct any mistakes in your personal data

To be forgotten

The right to require us to delete your personal data - in certain situations

Restriction of processing

The right to require us to restrict processing of your personal data in certain circumstances - e.g: if you contest the accuracy of the data

Data portability

The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party - in certain situations

To object

                • at any time to your personal data being processed for direct marketing (including profiling);
                • in certain other situations to our continued processing of your personal data - e.g: processing carried out for the purpose of our legitimate interests.

If you’d like to see the information we hold or enforce any of the other above rights, please contact our DPO.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way.

We limit access to your personal information to those who have a genuine business need to know it.

Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

 

How to Complain

We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information.

If you have a complaint about how we process your personal data or our compliance with GDPR, you can contact the Information Commissioner’s Office (ICO), who are independent, impartial and have official powers to resolve complaints. Here’s how to get in touch:

Website: https://ico.org.uk/global/contact-us/

Email: casework@ico.org.uk

Helpline no: 0303 123 1113

 

Cookies

In order to provide you with a better user experience, we sometimes place small data files - known as cookies - on a user’s computer or device.

These data files don’t store personal information about you, but merely about the choices you make when navigating our website and are used purely for analytical purposes.

Due to regulations specified by the Solicitors Regulatory Authority we display the SRA’s Digital badge which may set similar Google Analytics cookies. The cookies collect information in a way that does not directly identify anyone

More information about cookies in general can be found here: www.allaboutcookies.org

The way we use cookies on our websites:

 

                1. Analytics

We use Google Analytics to store information about how visitors use our website, so we can make improvements and provide visitors with a better user experience.

Google Analytics is a third party information storage system that records information about the pages you visit, the length of time you were on specific pages and the website in general, how you arrived at the site and what you clicked on when you were there. These cookies don’t store any personal information about you, such as your name or address, and we don’t share the data. You can view their privacy policy below:

Google - google.com

 

                1. Session Recording

We use Hotjar in order to better understand our users’ needs and to optimise our service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

 

                1. Internet based Advertising

We use Google Analytics and Facebook tracking code to support Advertising features such as remarketing and retargeting to inform, optimise and serve ads based on your past visits to our website or on our adverts.

You can opt out of the Google Analytics Advertising Features you use through Ad Settings, Ad Settings for mobile apps, or any other available means (for example, the NAI’s consumer opt-out). Google Analytics’ opt-outs for the web.

You can opt out of Facebook by adjusting your settings in Facebook.

Examples of cookies set:

Google Analytics

Cookie Name: _utma; Typical content: This cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure.; Expires: 2 years

Cookie Name: _utmb; Typical content: This cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it doesn’t find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals

Cookie Name: _utmc; Typical content: this cookie is operated in conjunction with the __utmb cookie to determine whether or not to establish a new session for the user; Expires as soon as you exit your browser

Cookie Name: _utmz; Typical content: This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It’s used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site and expires after 6 months

General Session Cookie set by our website:

Name: Asp.net_sessionid; Typical content: randomly generated text that is session based and expires as soon as you close your browser

IP addresses

An IP or Internet Protocol Address is a unique numerical address assigned to a computer as it logs on to the internet. Simpson Millar doesn’t have access to any personal identifiable information and we would never seek this information. Your IP address is logged when visiting our site, but our analytic software only uses this information to track how many visitors we have from particular regions.

Giving or removing consent using your browser

You are completely in control of cookies stored on your device and can view/delete them at any time using settings in your browser.

Note: Obstructing all cookies could, however, have an adverse impact upon the usability of this website and many others on the internet.

Adalyser

An analytics platform that is used to measure response to TV advertising.

Cookie Name: _ __adal_cookies; Typical content: This cookie is used to store your cookie consent preferences and is persistent.

Cookie Name: __adal_ca, Typical content: Stores which advertising campaign drove a user to visit, stores traffic source and campaign data and is Persistent

Cookie Name:__adal_cw, Typical content: Ties back conversion events to earlier visits, stores a visit timestamp and is Persistent

Cookie Name: adal_id, Typical content: Uniquely identify a device, stores a generated Device ID and is Persistent

Cookie Name:__adal_ses, Typical content: Determines whether there is an active session and which conversions have taken place in this session to prevent duplicates, stores a list of events in this session – only lasts for the session

Hotjar

A list of all cookies set by Hotjar and their purpose

Relating to the user

Cookie name

Description

_hjSessionUser_{site_id}

·       Set when a user first lands on a page.

·       Persists the Hotjar User ID which is unique to that site.

·       Ensures data from subsequent visits to the same site are attributed to the same user ID.

·       365 days duration.

·       JSON data type.

_hjid

·       Set when a user first lands on a page.

·       Persists the Hotjar User ID which is unique to that site.

·       Ensures data from subsequent visits to the same site are attributed to the same user ID.

·       365 days duration.

·       UUID data type.

_hjFirstSeen

·       Identifies a new user’s first session.

·       Used by Recording filters to identify new user sessions.

·       Session duration.

·       Boolean true/false data type.

_hjUserAttributesHash

·       User Attributes sent through the Hotjar Identify API are cached for the duration of the session.

·       Enables us to know when an attribute has changed and needs to be updated.

·       Session duration.

·       Hash data type.

_hjCachedUserAttributes

·       Stores User Attributes sent through the Hotjar Identify API, whenever the user is not in the sample.

·       Collected attributes will only be saved to Hotjar servers if the user interacts with a Hotjar Feedback tool.

·       Cookie used regardless of whether a Feedback tool is present.

·       Session duration.

·       JSON data type.

_hjViewportId

·       Stores user viewport details such as size and dimensions.

·       Session duration.

·       UUID data type.

 

 

 

Relating to the session

 

Cookie name

Description

_hjSession_{site_id}

·       Holds current session data.

·       Ensures subsequent requests in the session window are attributed to the same session.

·       30 minutes duration.

·       JSON data type.

_hjSessionTooLarge

·       Causes Hotjar to stop collecting data if a session becomes too large.

·       Determined automatically by a signal from the WebSocket server if the session size exceeds the limit.

·       Session duration.

·       Boolean true/false data type.

_hjSessionRejected

·       If present, set to '1' for the duration of a user's session, when Hotjar has rejected the session from connecting to our WebSocket due to server overload.

·       Applied in extremely rare situations to prevent severe performance issues.

·       Session duration.

·       Boolean true/false data type.

_hjSessionResumed

·       Set when a session/recording is reconnected to Hotjar servers after a break in connection.

·       Session duration.

·       Boolean true/false data type.

_hjLocalStorageTest

·       Checks if the Hotjar Tracking Code can use local storage.
If it can, a value of 1 is set.

·       Data stored in_hjLocalStorageTest has no expiration time, but it is deleted almost immediately after it is created.

·       Under 100ms duration.

·       Boolean true/false data type.

_hjIncludedInPageviewSample

·       Set to determine if a user is included in the data sampling defined by your site's pageview limit.

·       30 minutes duration.

·       Boolean true/false data type.

_hjIncludedInSessionSample

·       Set to determine if a user is included in the data sampling defined by your site's daily session limit.

·       30 minutes duration.

·       Boolean true/false data type.

_hjAbsoluteSessionInProgress

·       Used to detect the first pageview session of a user.

·       30 minutes duration.

·       Boolean true/false data type.

_hjTLDTest

·       We try to store the _hjTLDTest cookie for different URL substring alternatives until it fails.

·       Enables us to try to determine the most generic cookie path to use, instead of page hostname.

·       It means that cookies can be shared across subdomains (where applicable).

·       After this check, the cookie is removed.

·       Session duration.

·       Boolean true/false data type.

 

Relating to Recordings

 

Cookie name

Description

_hjRecordingEnabled

·       Set when a Recording starts.

·       Read when the Recording module is initialized to see if the user is already in a recording in a particular session.

·       Session duration.

·       Boolean true/false data type.

_hjRecordingLastActivity

·       Set in Session storage as opposed to cookies.

·       Updated when a user recording starts and when data is sent through the WebSocket (the user performs an action that Hotjar records).

·       Session duration.

·       Numerical Value (Timestamp) data type.

 

Relating to Feedback and Survey tools

 

Cookie name

Description

_hjClosedSurveyInvites

·       Set when a user interacts with an external link Survey invitation modal.

·       Ensures the same invite does not reappear if it has already been shown.

·       365 days duration.

·       Boolean true/false data type.

_hjDonePolls

·       Set when a user completes an on-site Survey.

·       Ensures the same Survey does not reappear if it has already been filled in.

·       365 days duration.

·       Boolean true/false data type.

_hjMinimizedPolls

·       Set when a user minimizes an on-site Survey.

·       Ensures that the Survey stays minimized when the user navigates through your site.

·       365 days duration.

·       Boolean true/false data type.

_hjShownFeedbackMessage

·       Set when a user minimizes or completes a Feedback widget.

·       Ensures the Feedback widget will load as minimized if the user navigates to another page where it is set to show.

·       365 days duration.

·       Boolean true/false data type.

 

Changes to our Privacy and Cookies Policies

Our Privacy and Cookie Policies were last published on 14th July 2022

We may change our Privacy and Cookies Policies from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.